Security Analyst (offline)

Our work focuses on network, web, and mobile application security assessments with a diversified set of clients ranging from established businesses to newly formed startups with investments. Our company is working towards making an impact on the security posture of our clients and the security industry as such.

You have:
Experience in static and dynamic testing of Android applications
Basic understanding of Android architecture and security
Basic understanding of Android application structure (APK file)
Strong written and verbal communication English skills — you can read technical documentation and compose vulnerability reports in English
Desired qualifications:
Experience in non-functional testing
Knowledge of Android application vulnerabilities and attack vectors
Familiarity with the Mobile Application Security Verification Standard (MASVS) and the Mobile Security Testing Guide (MSTG)
Familiar with toolset: ADB, apktool, Frida (Objection), APK decompiler, BurpSuite
Practical skills in Python and Frida
Basic understanding of cryptographic algorithms
Basic understanding of web-related protocols
Experience in web testing

You will:
Conducting manual and automated verification to evaluate the security of Android applications based on OWASP MASVS
Creating detailed reports that clearly communicate vulnerabilities, mitigation strategies, and remediation steps
Effectively communicate these findings and remediation strategies to business stakeholders including technical staff, executive leadership, and legal counsel

We offer:
100% remote, work from anywhere
Flexible working hours — set up your individual schedule to deliver the best results
Flat hierarchies, smooth onboarding
Friendly atmosphere with mutual respect, trust, support, and a dedicated mentor
Highly productive environment and results-driven working culture with efficient and clear flows & processes
Long-term engagement with rich opportunities for dynamic professional growth
Competitive salary well above the market level that values your experience and skills
21 days vacation and 6 days of sick leave per year + all Ukrainian national holidays
Medical insurance 100% + additional dental stipend
Individual training budget for your constant professional education and development
English classes 100% covered
Gym membership partially covered
PE accounting

About OCTAL

OCTAL provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting. We're as comfortable with fuzzing the firmware on your novel embedded device as we are with conducting a penetration test, reviewing your source code, or evaluating the security of your Internet-scale application and our consultants speak to both engineers and boardrooms.

Company website:
https://octalsecurity.io/